Commit f7d3c347 authored by Eric Sandeen's avatar Eric Sandeen Committed by Lachlan McIlroy

[XFS] Remove CONFIG_XFS_SECURITY.

There is no point to the CONFIG_XFS_SECURITY option; it disables the
ability to set security attributes at runtime, but it does not actually
slim down or remove any code for runtime. Just remove it and always allow
security attributes to be set.

SGI-PV: 980310
SGI-Modid: xfs-linux-melb:xfs-kern:30877a
Signed-off-by: default avatarEric Sandeen <sandeen@sandeen.net>
Signed-off-by: default avatarTim Shimmin <tes@sgi.com>
Signed-off-by: default avatarLachlan McIlroy <lachlan@sgi.com>
parent 6d1337b2
......@@ -35,18 +35,6 @@ config XFS_QUOTA
with or without the generic quota support enabled (CONFIG_QUOTA) -
they are completely independent subsystems.
config XFS_SECURITY
bool "XFS Security Label support"
depends on XFS_FS
help
Security labels support alternative access control models
implemented by security modules like SELinux. This option
enables an extended attribute namespace for inode security
labels in the XFS filesystem.
If you are not using a security module that requires using
extended attributes for inode security labels, say N.
config XFS_POSIX_ACL
bool "XFS POSIX ACL support"
depends on XFS_FS
......
......@@ -50,13 +50,7 @@ extern void xfs_qm_exit(void);
# define set_posix_acl_flag(sb) do { } while (0)
#endif
#ifdef CONFIG_XFS_SECURITY
# define XFS_SECURITY_STRING "security attributes, "
# define ENOSECURITY 0
#else
# define XFS_SECURITY_STRING
# define ENOSECURITY EOPNOTSUPP
#endif
#define XFS_SECURITY_STRING "security attributes, "
#ifdef CONFIG_XFS_RT
# define XFS_REALTIME_STRING "realtime, "
......
......@@ -2646,14 +2646,6 @@ attr_trusted_capable(
return 0;
}
STATIC int
attr_secure_capable(
bhv_vnode_t *vp,
cred_t *cred)
{
return -ENOSECURITY;
}
STATIC int
attr_system_set(
bhv_vnode_t *vp, char *name, void *data, size_t size, int xflags)
......@@ -2724,7 +2716,7 @@ struct attrnames attr_secure = {
.attr_get = attr_generic_get,
.attr_set = attr_generic_set,
.attr_remove = attr_generic_remove,
.attr_capable = attr_secure_capable,
.attr_capable = (attrcapable_t)fs_noerr,
};
struct attrnames attr_user = {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment